Changes

Jump to navigation Jump to search
178 bytes added ,  04:06, 16 November 2020
no edit summary
Line 1: Line 1:  +
 
== Key slots ==
 
== Key slots ==
 
0x000-0x07F:
 
0x000-0x07F:
Line 49: Line 50:  
     ...
 
     ...
 
     0x778-0x780: RsaRevocationKey15
 
     0x778-0x780: RsaRevocationKey15
 +
 +
= F00D/ARM =
    
== E0000000: MailboxFoodToArm ==
 
== E0000000: MailboxFoodToArm ==
Line 84: Line 87:  
     0xE0020000: 0F 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00
 
     0xE0020000: 0F 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00
 
     0xE0020010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 
     0xE0020010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 +
 +
= F00D_E0020000 =
    
== E0020000 ==
 
== E0020000 ==
Line 100: Line 105:  
== E0020020: ? ==
 
== E0020020: ? ==
 
rsa_expmod() reads and writes back this register before reading the result of the RSA operation.
 
rsa_expmod() reads and writes back this register before reading the result of the RSA operation.
 +
 +
= Keyring controller =
    
== E0030000: KeySetValue ==
 
== E0030000: KeySetValue ==
Line 142: Line 149:  
VULN!! If you have AesDecryptAllowed, you can encrypt arbitrary AES blocks without AesEncryptAllowed. Use CTR mode.
 
VULN!! If you have AesDecryptAllowed, you can encrypt arbitrary AES blocks without AesEncryptAllowed. Use CTR mode.
    +
= SceBignum controller? =
 +
 +
Many registers are wrong
    
== E0040108 RsaSignatureBuffer ==
 
== E0040108 RsaSignatureBuffer ==
Line 156: Line 166:     
== E0040808 RsaExponent ==
 
== E0040808 RsaExponent ==
 +
 +
= SceBigmac controller =
    
== E0050000 BigmacSrc ==
 
== E0050000 BigmacSrc ==
Line 250: Line 262:     
VULN! Allows partial overwrite. However when using keyslot crypto, this key remains unaffected. Thus it cannot be used to recover keyslot keys.
 
VULN! Allows partial overwrite. However when using keyslot crypto, this key remains unaffected. Thus it cannot be used to recover keyslot keys.
 +
 +
= SceBigmac Keyring =
    
== E0058000 KeyRingDirectAccess ==
 
== E0058000 KeyRingDirectAccess ==
 
Size: 0x10000 bytes.
 
Size: 0x10000 bytes.
 +
 +
= F00D_E0070000 =
    
== E0070000 EmmcCryptoToggle? ==
 
== E0070000 EmmcCryptoToggle? ==

Navigation menu